The opportunities to use AI in workflow automation are many and varied, but one of the easiest ways to use AI to save time and improve your organization’s security posture is to build an automated SMS analytics service.
Workflow automation platform Tines provides a great example of how to do this: The vendor recently released its first native AI capabilities, and security teams have already started sharing the AI-enhanced workflows they’ve built using the platform.
Tines’ library of pre-built workflows includes AI-enhanced pre-built workflows for normalizing alerts, creating cases, and identifying phishing emails that require escalation.
Let’s take a closer look at the SMS Analytics workflow, which, like all pre-built workflows, is free to access and import and is available for use with free Community Edition accounts.
Here’s an overview of the workflow and a step-by-step guide to getting up and running with it.
Problem – SMS scam messages targeting employees
Employees often receive fraudulent SMS messages aimed at stealing login credentials or installing malware on their devices. These messages can lead to compromised accounts, unauthorized access to sensitive information, and potential breaches that could seriously damage an organization’s operations and reputation.
Responding to each report manually is time-consuming and error-prone, making it difficult for security teams to keep up with threat volume.
The Solution – Automated SMS Analysis Service
A web page with a form that invites employees to submit a message for analysis |
Using workflow automation, security teams can create an SMS analytics service that is available to all employees across the organization.
It works as a simple self-service model: when an employee receives a suspicious message, they visit a web page and submit a screenshot or URL of the message using a provided form. The form initiates a workflow that returns a response within seconds, with a clear, detailed analysis of the message and recommended next steps.
Below are some examples of images that may be submitted:
An example of the result you might receive is:
Automated analysis received by employees |
The text reads as follows:
Hello! Thank you for reporting the message. After analyzing the content, we noticed a few things.
The message states that your Amazon account has been locked due to multiple failed login attempts – a common phishing tactic in which attackers try to trick you into clicking a malicious link to “recover” your account.
The message gives off a sense of urgency, which is another red flag that it may be a phishing scam – legitimate businesses typically don’t demand immediate action in this way.
The link provided in the message (hxxp://s953909557/servweb) looks suspicious and although we have ensured that the link is safe, we strongly recommend that you do not click on it as it may lead to a malicious website aimed at stealing your login credentials or installing malware on your device.
Additionally, this message does not appear to be from a senior executive at our company (executive name). This may be a CEO fraud attempt where someone is impersonating a senior leader to request confidential information or take unauthorized actions.
In summary, this message displays several hallmarks of a typical phishing scam and should be treated with caution: We recommend that you do not click on the link provided and instead contact Amazon directly through their official website or customer service channels to check the status of your account.
If you have any further questions or concerns, please let me know. I am committed to ensuring the security of my organization.
Starting such a service provides the following key benefits:
- It promotes a culture of cybersecurity by making employees more vigilant and making more security-conscious decisions.
- Reduce repetitive manual tasks for your security teams
- Increased speed and accuracy of threat detection
Pre-built workflows shown in the Tines library |
Workflow overview
In this workflow, you’ll use Tines Pages to create an automated SMS analytics service that anyone in your organization can use.
Tools used:
- Tines – A popular workflow automation and orchestration platform for security teams. If you don’t have a paid account, you can build and run this workflow using the free Tines Community Edition. AI must be enabled on your tenant. Note that the use of AI actions is based on a credit system, but all accounts have a free credit limit.
- OCR – A free tool that analyzes images and multi-page PDF documents and returns extracted text results in JSON format. Pro plan available with higher usage limits.
The workflow is initiated by a submission on a Tines page, which contains a form that allows the user to submit an image or associated URL for an SMS message.
The workflow then uses OCR to extract text, and if the image exceeds the file size limit, it is resized using an Auto Mode Conversion action, which calls a small piece of Python code generated by Tines’ AI.
The workflow also retrieves an image if the input is a URL, and if an image is uploaded, it renames the image to match the required format.
Once the text is extracted, it is sent to an AI Action for analysis. The AI ​​prompt asks the language model to analyze it for signs of fraud and disable the link.
Below are the AI ​​prompts the Tines team used to create the workflow:
You are a virtual security analyst who analyzes a reported suspicious SMS. The screenshot of the SMS has been OCR’d by you.
The analysis is sent back to the user who sent the SMS. The SMS tone should be analyzed for common scams such as phishing, romance scams, fake invoices, fake tickets, etc.
Because this is an internal company tool, our biggest concern is CEO fraud, where someone is impersonating a senior executive. The senior executive at this company is (enter executive’s name and title here).
If a response contains a link that may be suspicious, be sure to remove it.
First of all:
“Hello! Thank you for reporting the message…”
AI Actions generate a response for the user, including analysis of whether the message is malicious and recommended next steps, such as not clicking on the link.
If the analysis fails for any reason, the user is prompted to try again or contact the security team.
Setting up a workflow – a step-by-step guide
The Tines Community Edition Registration Form |
1. Log in to Tines or create a new account.
2. Make sure AI is enabled on your tenant – you must be the Tenant Owner to do this – select the Account Settings dropdown at the top left of the screen and check the box to turn AI on.
OCR Space Registration Form |
Adding new credentials to Tines |
3. Create an OCR credential. If you don’t already have an OCR API account, set one up and get an API key for your account. On the Credentials page, select (New Credential). You’ll then be prompted to select the credential type (Text in this case) and fill in the required fields. Name the credential “ocr_space” and the credential will automatically connect to your workflow.
Importing stories from the library to your tenant |
Four. Navigate to a pre-built workflow in the library.
Tines drag-and-drop canvas workflow |
Five. Select Import, which takes you directly to your new pre-built workflow.
Editing the Teeth Page |
Customize your AI prompts |
6. Configure the action: For example, you can edit the layout of the Tines page that starts the workflow and customize the AI ​​prompt with the name of a company executive.
7. Test your workflow: Test your workflow by submitting an image through a form.
8. Publish the workflow and share the page URL with the desired users.
Building other automation platforms
It’s possible to build a similar service using another no-code automation platform, but be aware that some features of this workflow are specific to Tines.
- page: The workflow is initiated by a submission to a form on a web page, and the output is delivered via the same web page, which is built using Tines’ Pages feature.
- Alternative: We will receive your information and deliver the results to you via email.
- AI Actions: Tines’ AI Actions are unique in that they allow users to directly access and use language models at any point in their workflow while providing strong security guardrails – they do not train, log, inspect, or store any data flowing to or from the language model.
- Alternative: Connect to an external LLM such as ChatGPT for analysis, but if sensitive data is being passed, be sure to evaluate the security and privacy features of the model you plan to use.
- Event Transformation in Automatic Mode: This feature uses build-time AI to create Python code based on guidance and inputs provided by the builder. Once you save your changes, the code becomes fixed, meaning that when the action is taken, only the code runs and no AI is involved.
- Alternative: To transform the data, you can manually write Python code.
If you want to try out Tines’ AI for yourself and test this workflow, you can sign up for a free account which includes the AI ​​features.